TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-12 18:32:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

cleanup idp, cleanup session actions

Browse Source
This commit is contained in:
Max Peintner
2024-12-20 10:57:56 +01:00
parent f1f7d661ce
commit 670ed71dd1
6 changed files with 115 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/login/src/components/idp-signin.tsx
View File

@@ -1,6 +1,6 @@
"use client"; "use client";
import { createNewSessionForIdp } from "@/lib/server/session"; import { createNewSessionFromIdpIntent } from "@/lib/server/idp";
import { useRouter } from "next/navigation"; import { useRouter } from "next/navigation";
import { useEffect, useState } from "react"; import { useEffect, useState } from "react";
import { Alert } from "./alert"; import { Alert } from "./alert";
@@ -27,7 +27,7 @@ export function IdpSignin({
const router = useRouter(); const router = useRouter();
useEffect(() => { useEffect(() => {
createNewSessionForIdp({ createNewSessionFromIdpIntent({
userId, userId,
idpIntent: { idpIntent: {
idpIntentId, idpIntentId,

88
apps/login/src/lib/server/idp.ts
View File

@@ -1,7 +1,14 @@
"use server"; "use server";
import { startIdentityProviderFlow } from "@/lib/zitadel"; import {
getLoginSettings,
getUserByID,
startIdentityProviderFlow,
} from "@/lib/zitadel";
import { headers } from "next/headers"; import { headers } from "next/headers";
import { getNextUrl } from "../client";
import { checkEmailVerification } from "../verify-helper";
import { createSessionForIdpAndUpdateCookie } from "./cookie";
export type StartIDPFlowCommand = { export type StartIDPFlowCommand = {
idpId: string; idpId: string;
@@ -32,3 +39,82 @@ export async function startIDPFlow(command: StartIDPFlowCommand) {
} }
}); });
} }
type CreateNewSessionCommand = {
userId: string;
idpIntent: {
idpIntentId: string;
idpIntentToken: string;
};
loginName?: string;
password?: string;
organization?: string;
authRequestId?: string;
};
export async function createNewSessionFromIdpIntent(
command: CreateNewSessionCommand,
) {
if (!command.userId || !command.idpIntent) {
throw new Error("No userId or loginName provided");
}
const userResponse = await getUserByID(command.userId);
if (!userResponse || !userResponse.user) {
return { error: "Could not find user" };
}
const loginSettings = await getLoginSettings(
userResponse.user.details?.resourceOwner,
);
const session = await createSessionForIdpAndUpdateCookie(
command.userId,
command.idpIntent,
command.authRequestId,
loginSettings?.externalLoginCheckLifetime,
);
if (!session || !session.factors?.user) {
return { error: "Could not create session" };
}
const humanUser =
userResponse.user.type.case === "human"
? userResponse.user.type.value
: undefined;
// check to see if user was verified
const emailVerificationCheck = checkEmailVerification(
session,
humanUser,
command.organization,
command.authRequestId,
);
if (emailVerificationCheck?.redirect) {
return emailVerificationCheck;
}
// TODO: check if user has MFA methods
// checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
const url = await getNextUrl(
command.authRequestId && session.id
? {
sessionId: session.id,
authRequestId: command.authRequestId,
organization: session.factors.user.organizationId,
}
: {
loginName: session.factors.user.loginName,
organization: session.factors.user.organizationId,
},
loginSettings?.defaultRedirectUri,
);
if (url) {
return { redirect: url };
}
}

11
apps/login/src/lib/server/passkeys.ts
View File

@@ -175,7 +175,16 @@ export async function sendPasskey(command: SendPasskeyCommand) {
? userResponse.user.type.value ? userResponse.user.type.value
: undefined; : undefined;
checkEmailVerification(session, humanUser, organization, authRequestId); const emailVerificationCheck = checkEmailVerification(
session,
humanUser,
organization,
authRequestId,
);
if (emailVerificationCheck?.redirect) {
return emailVerificationCheck;
}
const url = const url =
authRequestId && session.id authRequestId && session.id

12
apps/login/src/lib/server/password.ts
View File

@@ -142,26 +142,34 @@ export async function sendPassword(command: UpdateSessionCommand) {
const humanUser = user.type.case === "human" ? user.type.value : undefined; const humanUser = user.type.case === "human" ? user.type.value : undefined;
// check if the user has to change password first // check if the user has to change password first
checkPasswordChangeRequired( const passwordChangedCheck = checkPasswordChangeRequired(
session, session,
humanUser, humanUser,
command.organization, command.organization,
command.authRequestId, command.authRequestId,
); );
if (passwordChangedCheck?.redirect) {
return passwordChangedCheck;
}
// throw error if user is in initial state here and do not continue // throw error if user is in initial state here and do not continue
if (user.state === UserState.INITIAL) { if (user.state === UserState.INITIAL) {
return { error: "Initial User not supported" }; return { error: "Initial User not supported" };
} }
// check to see if user was verified // check to see if user was verified
checkEmailVerification( const emailVerificationCheck = checkEmailVerification(
session, session,
humanUser, humanUser,
command.organization, command.organization,
command.authRequestId, command.authRequestId,
); );
if (emailVerificationCheck?.redirect) {
return emailVerificationCheck;
}
// if password, check if user has MFA methods // if password, check if user has MFA methods
let authMethods; let authMethods;
if (command.checks && command.checks.password && session.factors?.user?.id) { if (command.checks && command.checks.password && session.factors?.user?.id) {

81
apps/login/src/lib/server/session.ts
View File

@@ -1,13 +1,9 @@
"use server"; "use server";
import { import { setSessionAndUpdateCookie } from "@/lib/server/cookie";
createSessionForIdpAndUpdateCookie,
setSessionAndUpdateCookie,
} from "@/lib/server/cookie";
import { import {
deleteSession, deleteSession,
getLoginSettings, getLoginSettings,
getUserByID,
listAuthenticationMethodTypes, listAuthenticationMethodTypes,
} from "@/lib/zitadel"; } from "@/lib/zitadel";
import { Duration } from "@zitadel/client"; import { Duration } from "@zitadel/client";
@@ -22,81 +18,6 @@ import {
getSessionCookieByLoginName, getSessionCookieByLoginName,
removeSessionFromCookie, removeSessionFromCookie,
} from "../cookies"; } from "../cookies";
import { checkPasswordChangeRequired } from "../verify-helper";
type CreateNewSessionCommand = {
userId: string;
idpIntent: {
idpIntentId: string;
idpIntentToken: string;
};
loginName?: string;
password?: string;
authRequestId?: string;
};
export async function createNewSessionForIdp(options: CreateNewSessionCommand) {
const { userId, idpIntent, authRequestId } = options;
if (!userId || !idpIntent) {
throw new Error("No userId or loginName provided");
}
const userResponse = await getUserByID(userId);
if (!userResponse || !userResponse.user) {
return { error: "Could not find user" };
}
const loginSettings = await getLoginSettings(
userResponse.user.details?.resourceOwner,
);
const session = await createSessionForIdpAndUpdateCookie(
userId,
idpIntent,
authRequestId,
loginSettings?.externalLoginCheckLifetime,
);
if (!session || !session.factors?.user) {
return { error: "Could not create session" };
}
const humanUser =
userResponse.user.type.case === "human"
? userResponse.user.type.value
: undefined;
// check if the user has to change password first
checkPasswordChangeRequired(
session,
humanUser,
session.factors.user.organizationId,
authRequestId,
);
// TODO: check if user has MFA methods
// checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
const url = await getNextUrl(
authRequestId && session.id
? {
sessionId: session.id,
authRequestId: authRequestId,
organization: session.factors.user.organizationId,
}
: {
loginName: session.factors.user.loginName,
organization: session.factors.user.organizationId,
},
loginSettings?.defaultRedirectUri,
);
if (url) {
return { redirect: url };
}
}
export async function continueWithSession({ export async function continueWithSession({
authRequestId, authRequestId,

5
apps/login/src/lib/verify-helper.ts
View File

@@ -35,6 +35,11 @@ export function checkEmailVerification(
organization?: string, organization?: string,
authRequestId?: string, authRequestId?: string,
) { ) {
console.log(
humanUser?.email,
process.env.EMAIL_VERIFICATION,
process.env.EMAIL_VERIFICATION === "true",
);
if ( if (
!humanUser?.email?.isVerified && !humanUser?.email?.isVerified &&
process.env.EMAIL_VERIFICATION === "true" process.env.EMAIL_VERIFICATION === "true"